#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Copyright (C) 2017 Google
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
<%= lines(autogen_notice(:python, pwd)) -%>

from __future__ import absolute_import, division, print_function
__metaclass__ = type

<%= lines(compile(pwd + '/templates/ansible/documentation.erb'), 1) -%>
################################################################################
# Imports
################################################################################
<%
  readonly_selflink_rrefs = object.all_resourcerefs
                                  .select { |prop| prop.resource_ref.readonly }
                                  .select { |prop| prop.imports == 'selfLink' }
                                  .map(&:resource_ref)
                                  .uniq
-%>

<%
  update_props = properties_by_custom_update(object.all_user_properties, :old)
  import = 'from ansible_collections.google.cloud.plugins.module_utils.gcp_utils import navigate_hash, GcpSession, GcpModule, GcpRequest'
  import += ', remove_nones_from_dict' unless properties_with_classes(object.all_user_properties).empty?
  import += ', replace_resource_dict' if nonreadonly_rrefs(object)
-%>
<%= lines(import) -%>
from ansible.module_utils._text import to_native
import json
import os
import mimetypes
import hashlib
import base64
<%
  imports = object.imports || []
  imports << 'time' if object.async
  imports << 're' unless readonly_selflink_rrefs.empty?
-%>
<%= lines(imports.sort.uniq.map { |i| "import #{i}" }) -%>

################################################################################
# Main
################################################################################


def main():
    """Main function"""

<%= lines(indent(compile(pwd + '/templates/ansible/module.erb'), 4)) -%>

    if not module.params['scopes']:
        module.params['scopes'] = <%= python_literal(object.__product.scopes) %>

    state = module.params['state']

    # If file exists, we're doing a no-op or deleting the key.
    changed = False
    if os.path.isfile(module.params['path']):
        fetch = fetch_resource(module)
        # If file exists and we should delete the file, delete it.
        if fetch and module.params['state'] == 'absent':
            delete(module)
            changed = True

    # Create the file if present state and no current file.
    elif module.params['state'] == 'present':
        create(module)
        changed = True

    # Not returning any information about the key because that information should
    # end up in logs.
    module.exit_json(**{'changed': changed, 'file_path': module.params['path']})


def create(module):
    auth = GcpSession(module, 'iam')
    json_content = return_if_object(module, auth.post(self_link(module), resource_to_request(module)))
    with open(module.params['path'], 'w') as f:
        private_key_contents = to_native(base64.b64decode(json_content['privateKeyData']))
        f.write(private_key_contents)


def delete(module):
    auth = GcpSession(module, 'iam')
    return return_if_object(module, auth.delete(self_link_from_file(module)))


def resource_to_request(module):
    request = {
        u'privateKeyType': module.params.get('private_key_type'),
        u'keyAlgorithm': module.params.get('key_algorithm')
    }
    return_vals = {}
    for k, v in request.items():
        if v:
            return_vals[k] = v

    return return_vals


def fetch_resource(module):
    auth = GcpSession(module, 'iam')
    return return_if_object(module, auth.get(self_link_from_file(module)))


def key_name_from_file(filename, module):
    with open(filename, 'r') as f:
        try:
            json_data = json.loads(f.read())
            return "projects/{project_id}/serviceAccounts/{client_email}/keys/{private_key_id}".format(**json_data)
        except ValueError as inst:
            module.fail_json(msg="File is not a valid GCP JSON service account key")


def self_link_from_file(module):
    key_name = key_name_from_file(module.params['path'], module)
    return "https://iam.googleapis.com/v1/{key_name}".format(key_name=key_name)


def self_link(module):
    results = {
        'project': module.params['project'],
        'service_account': replace_resource_dict(module.params['service_account'], 'name')
    }
    return "https://iam.googleapis.com/v1/projects/{project}/serviceAccounts/{service_account}/keys".format(**results)


def return_if_object(module, response):
    # If not found, return nothing.
    # return_if_object not used in any context where 404 means error.
    if response.status_code == 404:
        return None

    # If no content, return nothing.
    if response.status_code == 204:
        return None

    try:
        module.raise_for_status(response)
        result = response.json()
    except getattr(json.decoder, 'JSONDecodeError', ValueError) as inst:
        module.fail_json(msg="Invalid JSON response with error: %s" % inst)

    if navigate_hash(result, ['error', 'errors']):
        module.fail_json(msg=navigate_hash(result, ['error', 'errors']))

    return result


if __name__ == '__main__':
    main()
